# Workstation DNS stack: dnsmasq answers on loopback and forwards to a local
# dnscrypt-proxy, except for a few domains that are sent to fixed private
# resolvers. Applied only when `config.jalr.workstation.enable` is set.
{ lib, config, ... }:

let
  # Loopback endpoint shared by both services: dnscrypt-proxy listens here and
  # dnsmasq uses it as its default upstream.
  dnscryptListenAddress = "127.0.0.1";
  dnscryptListenPort = 9053;
  dnscryptPort = toString dnscryptListenPort;
in
{
  config = lib.mkIf config.jalr.workstation.enable {
    services = {
      # Front-end resolver for the machine.
      dnsmasq = {
        enable = true;
        # Point the system resolver at this dnsmasq instance.
        resolveLocalQueries = true;
        settings = {
          # Accept queries on loopback only; `bind-interfaces` binds the listed
          # addresses instead of the wildcard address.
          interface = "lo";
          listen-address = [
            "::1"
            "127.0.0.1"
          ];
          bind-interfaces = true;

          # Ignore /etc/resolv.conf, so the `server` list below is the only
          # source of upstream resolvers.
          no-resolv = true;
          server = [
            # Per-domain forwarders. NOTE(review): these queries bypass
            # dnscrypt-proxy and go out unencrypted to a fixed private address
            # on whatever network the machine is attached to, so on a network
            # the operator does not control, whichever host holds that address
            # answers for the domain. Keep this list limited to names that are
            # only meaningful on their home network.
            "/iceportal.de/172.18.0.1"
            "/lab.fablab-nea.de/192.168.94.1"
            "/iot.bw.jalr.de/192.168.42.1"
            "/lan.bw.jalr.de/192.168.42.1"
            "/lechner.zz/192.168.0.1"
            "/login.wifionice.de/172.18.0.1"
            # Default upstream for every other name: the local dnscrypt-proxy.
            "${dnscryptListenAddress}#${dnscryptPort}"
          ];
          # Answer `localhost` locally instead of forwarding it.
          address = [
            "/localhost/127.0.0.1"
          ];

          dns-loop-detect = true;
          # Cache lifetime in seconds for negative answers that carry no TTL.
          neg-ttl = 5;
          # NOTE(review): no `dnssec` setting is present, so dnsmasq does not
          # validate signatures itself; validation is left to the upstream
          # resolver.
        };
      };

      # Encrypted upstream, reachable only through the loopback endpoint above.
      dnscrypt-proxy = {
        enable = true;
        settings = {
          listen_addresses = [ "${dnscryptListenAddress}:${dnscryptPort}" ];
          ipv6_servers = true;

          # Resolver selection filters. They match properties the resolver
          # operator declares (DNSSEC support, no logging, no filtering); none
          # of them is verified locally.
          require_dnssec = true;
          require_nolog = true;
          require_nofilter = true;

          # Privacy over latency: a fresh DNSCrypt key per query and no TLS
          # session tickets, so queries are harder to link to each other.
          dnscrypt_ephemeral_keys = true;
          tls_disable_session_tickets = true;

          # NOTE(review): this only skips resolvers that cannot be reached
          # through an anonymizing relay. No `anonymized_dns.routes` are set in
          # this module, so confirm whether relaying is actually in use.
          anonymized_dns = {
            skip_incompatible = true;
          };
        };
      };
    };
  };
}